‼ CVE-2022-24821 ‼
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue; administrators should upgrade their wiki.
‼ CVE-2022-1283 ‼
via "National Vulnerability Database".
NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).
‼ CVE-2022-27152 ‼
via "National Vulnerability Database".
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification.
🕴 BakerHostetler Launches 2022 Data Security Incident Response Report — Resilience And Perseverance 🕴
via "Dark Reading".
Ransomware remained the most prevalent and impactful type of data security incident.
🕴 Microsoft Sinkholes Russian Hacking Group's Domains Targeting Ukraine 🕴
via "Dark Reading".
The operation aimed to disrupt cyber espionage activity a Russian GRU group was using for the Ukraine war.
‼ CVE-2022-24820 ‼
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
‼ CVE-2022-24819 ‼
via "National Vulnerability Database".
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
‼ CVE-2021-43149 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
‼ CVE-2022-24428 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.
‼ CVE-2021-43009 ‼
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.
‼ CVE-2022-26851 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.
‼ CVE-2021-36288 ‼
via "National Vulnerability Database".
Dell VNX2 for File version 8.1.21.266 and earlier contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files.
‼ CVE-2022-26852 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.
‼ CVE-2021-36287 ‼
via "National Vulnerability Database".
Dell VNX2 for File version 8.1.21.266 and earlier contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.
‼ CVE-2022-26180 ‼
via "National Vulnerability Database".
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
‼ CVE-2022-22563 ‼
via "National Vulnerability Database".
Dell EMC PowerScale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes.
‼ CVE-2021-36290 ‼
via "National Vulnerability Database".
Dell VNX2 for File version 8.1.21.266 and earlier contain a privilege escalation vulnerability. A local malicious admin may potentially exploit this vulnerability and gain privileges.
‼ CVE-2022-26588 ‼
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.
‼ CVE-2022-26855 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service.
‼ CVE-2021-36293 ‼
via "National Vulnerability Database".
Dell VNX2 for File version 8.1.21.266 and earlier contain a privilege escalation vulnerability. A local malicious admin may potentially exploit this vulnerability and gain elevated privileges.
‼ CVE-2022-26854 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.